Computer systems provide a centralized source of valuable information that is often subject to attack. Systems are attacked by different people with disparate motives in a myriad of ways. Malicious hackers such as terrorists and hobby hackers are one category of people that attack computer systems. Terrorists or terror organizations can seek to steal information, damage or shut down systems to further their political and/or economic agendas. Hobbyists attempt to penetrate systems and cause damage for sport, to demonstrate their technological prowess and/or to expose vulnerabilities. Tools of malicious hackers can include viruses, worms, Trojan horses and other types of malware. Another category of people that attack systems is insiders. These people are often disgruntled employees who seek to utilize their authorization and knowledge of a system to appropriate or destroy information and/or shut the system down. While harm caused by attacks can vary, as a whole the cost in terms of time, money and privacy can be astronomical.
Various security software and/or packages are conventionally employed to combat hostilities with respect to computer systems. Such security software is device centric. In practice, a device is initially scrutinized by security software to locate and remove malicious or suspicious software (e.g., viruses, worms, spyware, ...). Furthermore, security settings or preferences can be set in an attempt to balance usability with protection. Thereafter, it is assumed that a device is safe or trusted, and attempts are made to thwart outside malicious activity from affecting the device, such as by monitoring incoming data, ports, and device executable software for suspicious activity. A user or administrator can be notified upon detection of suspicious activity and asked to provide guidance with respect to any action to be taken. For example, a user can choose to allow a particular program to execute or block access to a process attempting to access a machine. In essence, the described security software attempts to prevent unauthorized device access. Other security mechanisms can be utilized to protect information should the prevention fail.
As the amount of available electronic data grows, it becomes more important to store such data in a manageable manner that facilitates user friendly and quick data searches and retrieval. Today, a common approach is to store electronic data in one or more databases. In general, a typical database can be referred to as an organized collection of information with data structured such that a computer program can quickly search and select desired pieces of data, for example. Commonly, data within a database is organized via one or more tables. Such tables are arranged as an array of rows and columns.
Such database systems can become complex to manage, wherein substantial investment of time of a skilled administrator is typically required. For example, adjusting required hardware and software configuration in order to keep pace with changing workloads, user requirements, and hardware device failures becomes a challenging task. The administrator's job includes initial database configuration, continuous monitoring of the database's performance and knob tuning, as well as continuous reconfiguration, either to update the database resources or re-organize them in a different way.
In addition, modern database systems provide a separation of duties between a database administrator (db_admin) and a database owner (dbo). In general, db_admin is allowed to perform any actions in a database system, while a database owner (dbo) has full control only within the boundaries of his database and becomes an ordinary user outside his database domain.
This arrangement can further expose database administrators to a class of attack in which a malicious dbo executes arbitrary code under the context of db_admin via luring mechanisms. For example, db_admin can perform an action as harmless as shrinking database files and inadvertently be lured into executing malicious procedures. Likewise, db_admin requires protection against malicious code planted inside an attached database or a database backup file. The code in such a database can be executed either through triggers or by tampering with known stored procedures to inject a malicious payload. For example, such techniques enable an attacker to obtain full control of a database server, gain access to sensitive data, plant a worm or rootkit into a database server or employ a database server as a vehicle to hide and spread OS worms or rootkits.
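As an added illustration (not part of the original text), the following T-SQL shows one way an administrator could inventory the code carried by an attached or restored database before performing maintenance on it. It assumes Microsoft SQL Server catalog views; the database name is a placeholder, and the pattern list in the last query is a constructed starting point rather than a complete set.

```sql
-- Run in the attached/restored database BEFORE any maintenance task.
-- The database name is a placeholder, not a name from the text above.
USE [attached_db_placeholder];

-- 1. Database-scoped DDL triggers. By default a trigger runs in the
--    security context of the caller, i.e. whoever issues the statement.
SELECT t.name, t.is_disabled, t.create_date, t.modify_date,
       m.execute_as_principal_id,   -- NULL = caller, -2 = owner
       m.definition                 -- NULL when created WITH ENCRYPTION
FROM sys.triggers AS t
LEFT JOIN sys.sql_modules AS m ON m.object_id = t.object_id
WHERE t.parent_class_desc = 'DATABASE';

-- 2. DML triggers attached to tables or views in this database.
SELECT OBJECT_SCHEMA_NAME(t.parent_id) AS parent_schema,
       OBJECT_NAME(t.parent_id)        AS parent_object,
       t.name, t.is_disabled, t.is_instead_of_trigger, t.modify_date
FROM sys.triggers AS t
WHERE t.parent_class_desc = 'OBJECT_OR_COLUMN';

-- 3. User-defined modules (procedures, functions, views, DML triggers)
--    that cannot be reviewed or that merit manual review.
SELECT o.type_desc,
       SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name, o.create_date, o.modify_date,
       m.execute_as_principal_id,
       CASE WHEN m.definition IS NULL THEN 1 ELSE 0 END AS is_encrypted
FROM sys.objects AS o
JOIN sys.sql_modules AS m ON m.object_id = o.object_id
WHERE o.is_ms_shipped = 0
  AND (   m.definition IS NULL                   -- encrypted: not reviewable
       OR m.execute_as_principal_id IS NOT NULL  -- explicit EXECUTE AS clause
       -- Constructed pattern list: dynamic SQL, OS command execution and
       -- server-role changes. Extend it to match local policy.
       OR m.definition LIKE '%sp[_]executesql%'
       OR m.definition LIKE '%xp[_]cmdshell%'
       OR m.definition LIKE '%ALTER SERVER ROLE%'
       OR m.definition LIKE '%sp[_]addsrvrolemember%')
ORDER BY o.modify_date DESC;
```

Rows returned by the first two queries identify code that can run as a side effect of an administrator's own statements, and encrypted modules from the third should be treated as unreviewed rather than clean.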